Posted to issues@mesos.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2018/02/06 01:17:00 UTC

[jira] [Commented] (MESOS-8547) Mount devpts with compatible defaults.

    [ https://issues.apache.org/jira/browse/MESOS-8547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16353190#comment-16353190 ] 

James Peach commented on MESOS-8547:
------------------------------------

[This LWN article|https://lwn.net/Articles/688809/] explains the background pretty well.

> Mount devpts with compatible defaults.
> --------------------------------------
>
>                 Key: MESOS-8547
>                 URL: https://issues.apache.org/jira/browse/MESOS-8547
>             Project: Mesos
>          Issue Type: Bug
>          Components: containerization
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Major
>
> The Mesos containerizer mounts {{devpts}} with the following options:
> {noformat}
> newinstance,ptmxmode=0666
> {noformat}
> Some versions of glibc (e.g. [2.17|https://github.com/bminor/glibc/blob/glibc-2.17/sysdeps/unix/grantpt.c#L158] from CentOS 7) are hard-coded to expect that terminal devices are owned by the {{tty}} group, so this causes containers that allocate TTYs to expect to have to chown the TTY (see grantpt code in glibc).
> Docker uses the following {{devpts}} default:
> {noformat}
> Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
> {noformat}
> I can think of a number of options:
> # hard-code the "gid=5" option
> # look up the "tty" group from the host
> # propagate the devpts mount options from the host
> # look up the "tty" group from the container
> # make it the operator's problem (i.e. add configuration)
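
Added example, not part of the original message and not Mesos or Docker code: a small auditor that compares a devpts option string with the Docker defaults quoted in the issue, so a missing gid= or mode= shows up before a container's grantpt() has to chown the TTY. The function names, the tty gid of 5 and the 0620 mode (both taken from the quoted Docker defaults) and the sample /proc/mounts line are assumptions.

```python
MESOS_OPTS = "newinstance,ptmxmode=0666"  # from the issue
DOCKER_OPTS = "nosuid,noexec,newinstance,ptmxmode=0666,mode=0620,gid=5"  # from the issue
# Constructed /proc/mounts line, for illustration only.
SAMPLE_MOUNTS = "devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600,ptmxmode=666 0 0\n"


def parse_opts(opts):
    """Split a comma-separated option string into {key: value}; flags map to ''."""
    parsed = {}
    for item in opts.split(","):
        key, _, value = item.strip().partition("=")
        if key:
            parsed[key] = value
    return parsed


def audit_devpts(opts, tty_gid=5, want_mode=0o620):
    """Return findings; an empty list means new slave PTYs already match."""
    o, findings = parse_opts(opts), []
    gid = o.get("gid")
    if gid is None:
        findings.append("gid: not set, slave PTYs take the opener's gid")
    elif not gid.isdigit() or int(gid) != tty_gid:
        findings.append(f"gid: {gid!r} is not the tty gid {tty_gid}")
    mode = o.get("mode")
    if mode is None:
        findings.append("mode: not set, devpts default 0600 applies")
    else:
        try:
            if int(mode, 8) != want_mode:
                findings.append(f"mode: {mode} is not {want_mode:04o}")
        except ValueError:
            findings.append(f"mode: {mode!r} is not octal")
    return findings


def audit_mounts(mounts_text, **kw):
    """Audit every devpts entry in /proc/mounts-formatted text."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "devpts":
            result[fields[1]] = audit_devpts(fields[3], **kw)
    return result


if __name__ == "__main__":
    for name, opts in (("mesos", MESOS_OPTS), ("docker", DOCKER_OPTS)):
        print(name, audit_devpts(opts) or "ok")
    print(audit_mounts(SAMPLE_MOUNTS))
```

Pass the container's actual tty gid as tty_gid when it is not 5; audit_mounts() accepts the contents of /proc/mounts read inside the container.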


